review of secure routing

From: Guoli Li <gli_REMOVE_THIS_FROM_EMAIL_FIRST_at_cs.toronto.edu>
Date: Wed, 16 Nov 2005 20:00:04 -0500

This paper discusses the security problems in p2p systems. The goal is to
provide secure routing in the presence of malicious nodes. The authors
identify possible attacks in three categories: nodeID assignment, routing
maintenance, and forwarding messages. Defensive solutions to these
attacks are proposed separately. An optimization is discussed to minimize
the overhead of secure routing.

If nodeID assignment can be controlled by attackers, the attackers may
surround a victim node or partition a p2p network by choosing nodeIDs on
purpose. The possible solution is to move nodeID assignment to trusted
certification authorities (CAs). This approach prevents attackers from
getting too many nodeIDs if money or puzzles are requested for
certification, but it does not work with small overlay networks and p2p
networks with dynamic nodeIDs such as CAN.

Secure routing table maintenance is necessary because attackers may fake
the closest node or supply routing updates to interrupt the correct
routing. The authors suggest maintaining two routing tables: one for
efficient routing, the other for constraining routing table entries.
Routing tables are built from a set of bootstrap nodes, instead of one.
This solution trades complexity for security. It is expensive to
maintain two routing tables per node. The complexity implies not only
lower performance, but also insecurity. The system needs to guarantee
that bootstrap nodes are secure and is exposed to more unknown bugs.

For message forwarding, a faulty node may be any node along the routing path
from the first node to the root node. The faulty nodes may drop the
message or route the message to a wrong place. Moreover, the root node
itself may be faulty. A possible solution is to apply a failure test to
determine if routing is correct. Otherwise, redundant routing and iterative
routing could be used to deliver the message. The failure test is tricky.
The failure test itself may be vulnerable to other attacks. The compensation
routing is very expensive.

Overall, it is a well-written paper. The secure routing problem is hard.
The solutions proposed in this paper are not the best. It is better to
keep the p2p system simple. To keep it simple, we can try to trust more
components in the p2p network. Even with the authors' solution, we have to
trust CAs and bootstrap nodes. Another difficulty is to detect whether a
node is malicious given the nodeID. That’s why the failure tests are hard
to perform. Once a faulty node is detected, it should be blocked and
removed from the p2p network.
Received on Wed Nov 16 2005 - 20:00:19 EST
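
The forwarding trade-off discussed in the review (a failure test, then redundant routing as the fallback, at a high message cost) can be put in numbers with a small simulation. This is an added example, not code from the post or from the paper under review. It assumes each hop is faulty independently with probability f, an idealized failure test that always notices a lost message, and a fallback that re-sends over `redundancy` independent routes; all function and parameter names are hypothetical.

```python
import random

def route_ok(rng, hops, f):
    """A route delivers only if no hop on it is faulty (a faulty hop drops or misroutes)."""
    return all(rng.random() >= f for _ in range(hops))

def analytic(f, hops=4, redundancy=8):
    """Closed-form delivery rates and mean message cost under the same assumptions."""
    p = (1.0 - f) ** hops                          # a single route succeeds
    secure = 1.0 - (1.0 - p) ** (redundancy + 1)   # first try, else any redundant route
    cost = hops + (1.0 - p) * redundancy * hops    # fallback is paid only after a failure
    return p, secure, cost

def simulate(f, hops=4, redundancy=8, trials=20000, seed=1):
    """Return (plain delivery rate, delivery rate with fallback, mean hop-messages sent)."""
    rng = random.Random(seed)                      # seeded so the run is repeatable
    plain = secure = msgs = 0
    for _ in range(trials):
        msgs += hops                               # ordinary single-route attempt
        if route_ok(rng, hops, f):
            plain += 1
            secure += 1
            continue
        # Idealized failure test flagged the loss: pay for redundant routing.
        msgs += redundancy * hops
        if any([route_ok(rng, hops, f) for _ in range(redundancy)]):
            secure += 1
    return plain / trials, secure / trials, msgs / trials

if __name__ == "__main__":
    print("f     plain  fallback  msgs/lookup  (analytic)")
    for f in (0.0, 0.1, 0.25, 0.4):
        s, a = simulate(f), analytic(f)
        print(f"{f:<5} {s[0]:.3f}  {s[1]:.3f}     {s[2]:6.1f}       "
              f"{a[0]:.3f} {a[1]:.3f} {a[2]:.1f}")
```

The delivery rate recovers sharply with the fallback, while the mean message count per lookup grows several times over as f rises, which is the expense the review points at.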

This archive was generated by hypermail 2.2.0 : Wed Nov 16 2005 - 22:47:58 EST